Do you use let's encrypt?

Archive for 2009

Recently there was a message posted upon the debian-user-german mailing list asking if there is a way to create BIND-compliant DNS-Updates with regulars dyndns-clients from routers. The Idea behind this is to get rid of dyndns.org services and provide an independent way to maintain dynamic dns entries for boxes without a static ip-address without the need of dyndns providers. The goal was to create a text file which could be used as input for nsupdate with cron to run it frequently.

I have got e.g. two servers with Apache and Postfix and a virtual IP (from heartbeat-1). Well, heartbeat is working well and it is simple to deal with complete server outages, but how can I configure heartbeat, so that it also switches the server, if one of the above services fail?

After much trial and error, I have a Debian Lenny x86_64 server with apache2, php5, and connectivity to an Informix database server. Here are the steps I went through. Much of this information I found at http://devzone.zend.com/article/4290.

I have a laptop that travels with me to work as well as being used at home. I have a number of network CIFS mounts that I like to have available when I am at home, so I have them set to "auto" in /etc/fstab. When I am at work, I use a Mobile Broadband card to connect to the Internet. When at home, I typically use Ethernet.

Many of us are familiar with the use of Apache for hosting websites. It might not be the fastest webserver but it is extraordinarily popular, extremely flexible, and a great choice for most people. However there are times when it can struggle, and placing a proxy in front of it can be useful.

This article is about Offline Package Management in Debian. Debian is a pretty well known project. One of the things that makes Debian very popular is APT (a.k.a Advanced Packaging Tool) which allows remote package downloads, upgrades and dependency resolution. Unfortunately it does require a network connection - unless you use apt-offline.

Adding searching facilities to websites makes it a lot easier for finding content. When sites are dynamically constructed it is often simple to update the code to perform the searching in the application, but for sites constructed of static pages using an indexer such as namazu can give you a great interface in very short space of time.

I'm eager to try org-mode for emacs and see it comes with emacs23. I've just updated from etch to lenny (only kinks were having to re-setup nVidia's driver, remove && install gdm+gnome, install a new VMware (just run the .bundle file worked a treat!)) only to discover there's no emacs23 available.

I've got the org-mode for Lenny's emacs22 but now I know of emacs23 I'm keen to try that - any ideas?

This article is meant to serve as a guide for migrating a live system from ext3 to an ext4 filesystem, including migration of files to use extents, a major feature in ext4. It describes the entire migration procedure, including common pitfalls involving a migration of a live system, as opposed to doing a fresh install.

The purpose of this article is to give you a straight-forward, Debian-friendly way of installing and configuring Viper, a system for completely automated installation and configuration of Debian GNU based systems.

This article shows how to rebuild only a single module that comes with the main kernel tree for folks that neither need nor want to rebuild the whole kernel. If you want to build an out-of-tree module, than that module's documentation is probably the best starting point.

Once in a time, I get to travel to places that make me worry about the data on my laptop. This time, it is not the US, but another openly democratic country where they kill you for a joint, let alone nude pictures. Enough politics, though.

In our previous brief introduction to mod_perl we showed how to install it, and how to use it to improve the performance of simple Perl-based CGI-scripts. In this conclusion we'll show how you can do more useful things with a little bit of effort.

Apache is currently the world's most popular webserver. There are many alternative webservers, but Apache was one of the first which offered real control, flexibility, and numerous available extensions. With the introduction of mod_perl you can directly control almost every aspect of your webserver with pure Perl. Read on for a brief introduction to using mod_perl.

The readline library is used by many programs which need to provide a pleasant environment for performing text entry, offering completion, history, and advanced editing facilities. There are applications which, for various reasons, do not use it, but this is something that may be fixed with the addition of the rlwrap readline wrapper.

When changing software configuration it is always a good idea to test things as thoroughly as you can. In the case of SMTP it is generally possible to test things offline pretty easily, and then perform simple tests via a manual telnet - but the SWAKS tool makes SMTP-testing even simpler.

Configuring a firewall policy using iptables can be difficult. If you do it by hand, you need to learn a complicated command line syntax and understand packet flow inside Linux kernel very well. GUI applications such as Firestarter can help build simple configuration but quickly run out of steam when security policy becomes complex. This article introduces "Firewall Builder", a GUI firewall configuration and management tool designed to help solve this problem.

I tried several times to get SMTP authentication working for use in a modern environment with much wailing and gnashing of teeth. For starters, I don't want to have to authenticate every client on my LAN. Clients coming from my home subnet should be trusted by IP and should not have to authenticate. Secondly, I want to be able to relay mail from any client if that client authenticates via TLS from anywhere on the internet. Hopefully this will save other people some time and sanity.

Handling mostly old or problematic hardware and not always having a stable internet connection, I have been struggling to find a live-cd/usb-key system which is slim, easy and fast to customize, fully encryptable and includes the debian network installer.

In the quest for the fastest boot ever (see Booting Debian in 14 seconds), you may want to consider setting the variable CONCURRENCY=shell in /etc/default/rcS, recalling from your your theoretical studies that "Parallel is faster than Sequential."

Our main development servers at work use almost 100% free software; however, recently I had a rare pleasure of having to install a piece of a binary blob. The Blob reared its ugly head as soon as I tried its installation routine. Read on to see how per-process namespaces can help defeat The Blob.

I just upgraded from an older version of Lenny to latest. When the upgrade finished, an alert appeared noting that root partition is full. As a consequence of this problem (I think) I can't save or print Open Office documents.

Today, after several months of delays, the next new stable release of Debian Lenny was announced. This release features many changes not least of which is a newer kernel and supporting tools allowing for improved hardware support.

Since I began programming I have worked on at least a hundred different computers: university workstations, my own computers, dozens of employer and client workstations. Each one had a history file loaded with commands that I begged, borrowed, stole, sweated and cried for. Countless hours of work now long gone or rotting somewhere in a stack of backups.

If you're like me you'll run Debian GNU/Linux upon a number of hosts and at times you'd like to run a command or two upon all of those hosts. There are several ways you can accomplish this, ranging from manually connecting to each host in turn, to the more complex solutions such as CFEngine or Puppet. Midway between the two you can use pssh to run commands upon multiple hosts.

Are you tired of getting multi-thousand line emails from the logcheck package that contain multiple reports of denied queries from named? If so this article will show how you can reject these DDOS attempts via the fail2ban package.

If, like many people, you've started to experiment with enabling, configuring, and using, IPv6 it might not have crossed your mind to update your firewall. This could lead to surprises if you're unlucky. Read on for a simple overview.